NSDI '06 Abstract
Pp. 101–114 of the Proceedings
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
Evan Cooke, Michael Bailey, and Farnam Jahanian, University of Michigan; Richard Mortier, Microsoft Research Cambridge, UK
Abstract
Internet traffic destined for unused or unreachable
addresses provides critically important information on malicious and
misconfigured activity. Since Internet address allocation and policy
information is distributed across many devices, applications, and
administrative domains, constructing a comprehensive map of unused and
unreachable ("dark") addresses is challenging. In this paper, we present an
architecture that automates the process of discovering these dark addresses by
actively participating with allocation, routing, and policy systems. Our
approach is to adopt a local perspective revealing unreachable external
addresses and unused private and local addresses, and enabling the detection
of threats coming into and out of a network. To validate the approach, we
construct a prototype system called the Dark Oracle that uses internal and
external routing data and host configuration information, such as DHCP logs,
to automatically discover dark addresses. We experimentally evaluate the
prototype using data from a large enterprise network and a regional ISP, and
from deployment of the Dark Oracle on a large academic network.
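The idea of combining routing data with DHCP logs can be illustrated with a short sketch. This is an added example, not code from the paper or from the Dark Oracle prototype; the prefixes, the lease-log format, and all function names are assumptions made for illustration, and only internal routing is modelled.

```python
import ipaddress
import re

# Constructed sample inputs (assumptions, not data from the paper).
ALLOCATED = ipaddress.ip_network("10.20.0.0/24")   # block assigned to the site
ROUTED = [ipaddress.ip_network(p)                  # subnets seen in internal routing
          for p in ("10.20.0.0/26", "10.20.0.128/25")]
DHCP_LOG = """\
DHCPACK on 10.20.0.10 to 00:11:22:33:44:01
DHCPACK on 10.20.0.11 to 00:11:22:33:44:02
DHCPRELEASE of 10.20.0.11 from 00:11:22:33:44:02
DHCPACK on 10.20.0.200 to 00:11:22:33:44:03
"""

def active_leases(log):
    """Replay the lease log in order; a release makes the address unused again."""
    live = set()
    for event, addr in re.findall(r"DHCP(ACK|RELEASE) (?:on|of) (\S+)", log):
        ip = ipaddress.ip_address(addr)
        if event == "ACK":
            live.add(ip)
        else:
            live.discard(ip)
    return live

def subtract(nets, holes):
    """Return `nets` with every network in `holes` carved out, as CIDR blocks."""
    for hole in holes:
        remaining = []
        for net in nets:
            if hole.subnet_of(net):
                remaining.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                remaining.append(net)  # disjoint from the hole: keep unchanged
        nets = remaining
    return sorted(ipaddress.collapse_addresses(nets))

def dark_map(allocated, routed, log):
    """Split dark space into unreachable (no route) and unused (routed, no lease)."""
    unreachable = subtract([allocated], routed)
    hosts = [ipaddress.ip_network(ip) for ip in active_leases(log)]
    return unreachable, subtract(list(routed), hosts)

def classify(addr, allocated=ALLOCATED, routed=ROUTED, log=DHCP_LOG):
    """Label one destination address from the local network's perspective."""
    ip = ipaddress.ip_address(addr)
    if ip not in allocated:
        return "external"
    unreachable, unused = dark_map(allocated, routed, log)
    if any(ip in n for n in unreachable):
        return "unreachable"
    return "unused" if any(ip in n for n in unused) else "live"
```

Traffic whose destination classifies as `unreachable` or `unused` is the dark-address traffic a monitor would collect; the map has to be recomputed as routes and leases change.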
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.